You may experience a problem that damages an area of a hard disk on which BitLocker stores critical information. This kind of problem may be caused by a hard disk failure or if Windows Vista exits unexpectedly.
Windows Vista can no longer start
If a drive is damaged, Windows Vista may no longer start. In this situation, you may be prompted to repair the computer. Some computers are configured to enter a recovery environment automatically in this situation. However, if the computer is not configured to enter a recovery environment automatically, you receive the following error message:
Windows failed to start. A recent hardware or software change might be the cause. To fix the problem:
1. Insert your Windows installation disc and restart your computer.
2. Choose your language settings, and then click "Next."
3. Click "Repair your computer."
If you do not have this disc, contact your system administrator or computer manufacturer for assistance.
Info: The selected entry could not be loaded because the application is missing or corrupt.
Windows Vista can no longer read the drive
Damage may occur on a drive that is not used to start Windows Vista. In this situation, you cannot unlock the damaged drive even when you use the correct recovery password or recovery key. Therefore, you cannot use another computer or another copy of Windows Vista to access the encrypted contents of the drive. In this scenario, the damaged drive may not appear in the BitLocker Drive Encryption Control Panel.Note
Damage to the volume may not be related to BitLocker. Therefore, we recommend that you try other tools to help diagnose and resolve the problem with the volume before you use the BitLocker Repair Tool. The Windows Vista DVD includes the Windows Recovery Environment (WinRE) together with an option to repair the computer. For more information about how to troubleshoot Windows Vista startup problems, visit the following Microsoft Web site:
To use the BitLocker Repair Tool
To use the BitLocker Repair Tool, follow these steps.
Step 1: Gather required materials
Obtain the following items to help you recover encrypted data from the affected volume:
- The drive on which the damaged volume is located. This is the drive that contains the encrypted volume that you want to repair.
- The recovery password or the recovery key for the encrypted volume. This is the recovery information that you saved when you enabled BitLocker.
- An external hard disk. Use this drive to store the recovered data. This drive must be at least as large as the drive from which you want to recover the data.
Caution All the data on the external drive will be removed when you perform the recovery operation.
- A USB flash drive. Use this storage device to store the BitLocker Repair Tool files. You can also store recovery information on this drive.
- The Windows Vista DVD. This enables you to start a command prompt.
The edition of Vista on the DVD and the installation of Vista on the computer must be the same.
Step 2: Download and install the BitLocker Repair Tool
Download and install the Bitlocker Repair Tool that is appropriate for the recovery DVD that you plan to use. When prompted, click Accept
to accept the license terms.
Step 3: Copy the BitLocker Repair Tool files to a removable device
After installation, copy the following files to the root of the removable device, such as a USB flash drive that will be used for the recovery:
Also, create a folder named en-US in the root of the USB flash drive, and copy the following file to it:
Step 4: Open a Command Prompt window
- Use the Windows Vista DVD to start the computer.
- Select the appropriate language settings, and then click Next.
- At the bottom of the Install Windows page, click Repair your computer.
- Follow the steps until you receive the option to click Choose a recovery tool, and then click Command Prompt.
Step 5: Determine which drives are present
- Verify that all the appropriate drives are connected to the computer. These connections include the external drive to which you want to copy the recovered data and the USB flash drive on which the BitLocker Repair Tools files are located.
- At the command prompt, type diskpart, and then press ENTER.
- At the diskpart prompt, type list volume, and then press ENTER.
Use the output that is generated to establish the identification of the drive letters that are assigned to the following items:
- The damaged volume
- The external hard disk
- The USB flash drive
In Windows Vista, the encrypted volume will show as "RAW." For a BitLocker volume, this means that the volume is locked.
The following example output illustrates some of the information that may be generated when you run the diskpart list volume
DISKPART> list volumeVolume ### Ltr Label Fs Type Size Status Info---------- --- ----------- ----- ---------- ------- --------- -----Volume 0 E LR1CFRE_EN_ UDF DVD-ROM 2584 MB HealthyVolume 1 F Flash-1 FAT Removable 243 MB HealthyVolume 2 C SYSTEM NTFS Partition 1500 MB HealthyVolume 3 D RAW Partition 73 GB HealthyVolume 4 G EMPTY VOL NTFS Removable 149 GB Healthy
In this example, the output refers to the following items:
- Drive D is the damaged volume.
- Drive G is the external hard disk.
- Drive F is the USB flash drive.
To exit the diskpart prompt, type exit
, and then press ENTER.
Step 6: Locate the BitLocker Repair Tool files
At the command prompt, change directory to the drive on which the BitLocker Repair Tool files are located. For example, change to drive F.
Step 7: Use the BitLocker Repair Tool to decrypt the data
To decrypt the encrypted data, type the following command, and then press ENTER:
repair-bde InputVolume OutputVolume -RecoveryPassword NumericalPassword
In this command, replace the placeholders with the following drive letters and password:
- Replace InputVolume with the drive letter of the damaged volume.
- Replace OutputVolume with the drive letter of the external hard disk.
- Replace NumericalPassword with the recovery password for the encrypted volume.
Note For more information about how to use a recovery password that is stored on a USB flash drive, see the "References" section.
For example, type the following command, and then press ENTER:
repair-bde D: G: -RecoveryPassword 111111-111111-111111-111111-111111-111111-111111-111111
Step 8: Verify and then examine the decrypted data
When the data decryption operation is complete, follow the instructions to run the chkdsk
command. After the chkdsk tool examines the hard disk for errors, you can then connect the external hard disk to another computer to view the data.
BitLocker Repair Tool recovery options
Sometimes, you cannot recover the data from the damaged volume by using the steps in the "To use the BitLocker Repair Tool" section. Sometimes, the data may be unrecoverable, regardless of the recovery effort. Therefore, we recommend that you perform regular backups of all the data on the hard disk.
To use the BitLocker Repair Tool without a Windows Vista DVD
You can use a Windows Vista DVD to provide a command prompt to run the BitLocker Repair Tool. You can also use other ways to start a command prompt. But the command prompt that you use must be running in a Windows Vista-based environment. Command prompts that you start from Microsoft Windows XP or from other environments that are not running Windows Vista are not supported. If another computer that is running Windows Vista is available, you can remove the damaged drive from the original computer and attach it to the Windows Vista-based computer to perform repairs.
To use the BitLocker Repair Tool without an external hard disk
We recommend that you use an external hard disk as the destination location for the data that you recover from a damaged encrypted volume. The steps described in the "To use the BitLocker Repair Tool" section enhance the ability to recover the data. This is because the steps in the "To use the BitLocker Repair Tool" section do not modify the damaged encrypted volume.
You can also use the BitLocker Repair Tool without using an external hard disk. This kind of repair may be successful if the damage is limited to the drive locations that are used to start Windows. However, there is an increased risk of data loss if you use this kind of repair operation on a volume that is extensively damaged. To perform this kind of repair, use the -NoOutputVolume
option when you run the repair-bde
command. For more information about how to use this option, see the "References" section.
To use the BitLocker Repair Tool together with a key package
Sometimes, if you use a key package, this gives you another opportunity to recover data from a damaged volume. In this scenario, you receive the following error message when you run the repair-bde
command to perform a standard repair operation:
ERROR: The input volume has suffered damages to critical information related to the decryption key.
Please try the -KeyPackage option to specify a key package. The volume may not be recoverable.
To better understand the role of the key package, it may help to understand how the BitLocker Repair Tool works without the -KeyPackage
BitLocker helps protect against unexpected damage by scattering multiple copies of critical information on the volume. To decrypt data, the BitLocker Repair Tool scans the volume to locate a usable copy of this critical information. If all the copies of the critical information are lost, the only way for the BitLocker Repair Tool to continue the recovery operation is to use a copy of this critical information that has been exported as a key package.
If you already save BitLocker recovery information to Active Directory Domain Services, the key package is stored in the same location in Active Directory Domain Services. Also, any user who has local Administrator rights can save the key package by running a script on the functioning encrypted drive.
To use the -KeyPackage
option, you must verify that the key package is available. Then you must provide this key package as a file to the BitLocker Repair Tool.
To use the BitLocker Repair Tool on a partially-encrypted volume
You can use the BitLocker Repair Tool on a partially-encrypted volume. This situation can result when the BitLocker encryption operation was not completed successfully. To do this, follow the same procedure that is described in the "To use the BitLocker Repair Tool" section. Note
When you specify the -KeyPackage
option to recover data from a partially-encrypted volume, the BitLocker Repair Tool considers all the data on the volume as encrypted data that must be recovered. Therefore, the BitLocker Repair Tool tries to decrypt all the data from the volume. If you do not specify the -KeyPackage
option, the BitLocker Repair Tool differentiates between the encrypted data on the volume and the data on the volume that is not encrypted.
BitLocker Repair Tool troubleshooting help
Error message 1
The system cannot execute the specified program.
You receive this error message if you are running the BitLocker Repair Tool in an unsupported environment. For example, you receive the error message if you are running the 32-bit version of the BitLocker Repair Tool in a 64-bit environment. The BitLocker Repair Tool must run in a supported Windows Vista environment.
Error message 2
Failed to open Drive_letter (0x80310000).
You receive this error message if the BitLocker Repair Tool cannot perform operations on a volume. In some cases, the -Force
option can help gain access to the volume. Also, make sure that you are running the tool in a supported Windows Vista environment.
Error message 3
The file or directory is corrupted and unreadable.
You might receive this error message if the volume information that catalogs files and folders is damaged or is missing. For example, formatting a volume destroys the catalog information. However, recoverable file contents might remain when the catalog is damaged. You can use the BitLocker Repair Tool to decrypt any file contents that remain on the volume. However, because the corresponding volume catalog information is not available, individual files and folders will not be easily available from the output volume. Check additional resources to determine whether the now-decrypted volume can fully be recovered.